A security flaw has been found in the default installation process for Microsoft's Internet Explorer, Outlook and Outlook Express, according to eEye Digital Security. A common thread with these applications is the potential for a buffer overflow, which in turn could allow an attacker to gain access to users' systems remotely, said Mike Puterbaugh, eEye's senior director of product marketing.
eEye, which issued an announcement about the problem late last week, noted that systems at risk include those running Windows XP with Service Pack 0 or 1 and Windows 2000. The security specialist noted that it is still conducting reviews of the flaw and could find that other versions of the operating system are affected. Microsoft is not aware of any attacks involving the reported vulnerability or any customers who have been affected, a company representative said.
News source: ZDNet UK
News story updated and re-sourced to the author.
Please note that Something Awful is filtered at Neowin for its hot-linking retaliation practices. This is to stop our members directly hot-linking content from that site.
Steven Parker @ 15:44 CET

Only a small number of unchecked buffers allow for system compromise, because the attacker needs some way to put data in the unchecked field and a commonly executed piece of code must reside directly after the memory block. However, the risk level of “could allow an attacker to gain access to users' systems” seems to be given to all unchecked buffer flaws found. I’m not saying that is wrong, because there is a chance someone could find a way to do it, but there is a very good chance that an exploit could not be found, or if one was found it might have a low success percentage (if the attacker is only able to re-write a rarely used piece of code, for example). There is also the user intervention: does the exploit require user intervention, does it require the user to accept a security warning, does it require the user to do something difficult to do (i.e., search for a file on the hard drive and run or delete it)? Each time you answer Yes to any of those, you significantly reduce the risk of a virus spreading.
Last edited by 54918 on 07 Sep 2005 - 15:07
If you meant "monopolistic" or perhaps "monoculture", I think you can see by the linked examples above, that software flaws hold no political, social or economic bounds.
Get your terminology right, ZDnet.
Why are some people still running pre-XPsp2 machines? Various reasons exist... but in my books most of those are attributable to computer illiteracy. A lot of people don't know what Windows Update is, don't know what Automatic Updates is, and if you mention a Service Pack they look at you like the proverbial deer caught in the headlights.
The computer illiterates of the world want to treat their PCs like a TV set. They expect it to work perfectly out of the box. They have no idea that the thing needs regular software updates. Frankly, these people should have a computer-free exclusion zone drawn around them because they are dangerous to themselves and others when it comes to PCs.
I can agree with an IT professional working in an enterprise environment doing extensive tests on updates before implementing them, but in the average "Joe's" or "Jane's" home computer it almost seems a bit silly not to update.
Secondly, PRIATE is not an old term... Installing software that you don't have a license for is called pirating (not evaluateing, borrowing, or using as a trial) and its against the law. MS has trial software, as do many other companies, that one could install legally with a limited license, any other method is stealing!
Last, Microsoft makes some great software and they're the first to acknowledge that there is a flaw in their code and correct the issue faster than any other company out there.
Last edited by 4736 on 07 Sep 2005 - 16:59
Funny, it doesn't take me 16 hours + to update my computer. Maybe you're just doing it wrong.
And, of course, you know that SP2 could have been installed automatically, right?
Grammar and spelling mistakes bolded; unreadable sentences/phrases italicised.
Ironic. Let's not insult someone else's spelling unless you made sure to proof your own.
I don't remember explaining that I went to IT school, much less graduated from one as if I was high-all-mighty. Also, sorry, please replace evaluateing with evaluating... yup, looks like that's all the spelling errors in my reply to your message.
You showed you cared when you tried to attack me on my lack of spelling capabilities. You can't have it both ways; it makes you look like a dumb-ass.
Now that is an assumption if I've ever heard one. I have plenty of "family" time and still have my computer up-to-date. Microsoft Update will update all my Microsoft software for me. There is also the lovely Windows Automatic Update service which will keep my machine safe from all critical known flaws in Windows. On average I can rebuild, from scratch, a computer to include OS, Office, Updates for each in about 2 hours... what's your deal?
You brought it up
Not I, the English language. You've joined multiple independent clauses together, therefore it's a fused sentence. Maybe Parithon isn't the one who needs spelling school.
They just need to be educated more.
Last edited by 33280 on 07 Sep 2005 - 18:41